← Back to Skills Marketplace

Competitor Radar

Name: Competitor Radar
Author: xiaohuaishu

by xiaohuaishu · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

363

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install competitor-radar

Description

竞品动态监控雷达。自动抓取竞品博客RSS、GitHub Release、HackerNews讨论，用AI评分筛选重要动态，生成结构化报告。当需要了解竞品最新动向、监控行业变化时使用。

README (SKILL.md)

Competitor Radar 🎯

自动监控竞品动态，生成结构化分析报告。

配置竞品

编辑 config.yaml，添加你要监控的竞品：

competitors:
  - name: "竞品名称"
    domain: "example.com"
    blog_rss: "https://example.com/rss.xml"
    github_org: "github-org-name"
    keywords: ["关键词1", "关键词2"]

使用方法

# 扫描过去7天
python3 radar.py

# 扫描过去14天，保存报告
python3 radar.py --days 14 --output report.md

# 跳过AI评分（更快）
python3 radar.py --no-ai

# 使用自定义配置
python3 radar.py --config /path/to/my-config.yaml

数据来源

官网博客 RSS Feed
GitHub Release / Tag
HackerNews 提及

输出格式

Markdown 报告，按重要性分级（🔴重要 / 🟡值得关注 / ⚪一般）

Usage Guidance

Do not install or run this skill without review. The code contains a hard-coded LLM API key and local LLM endpoint (embedded secret) and also uses an optional GITHUB_TOKEN environment variable that is not documented. This is suspicious because secrets should not be hard-coded in distributed code. Before using: (1) inspect radar.py and _write_radar.py yourself (or with a dev) and remove any embedded API keys, replacing them with environment-configured values; (2) supply your own LLM endpoint/key via environment variables or local config and confirm the endpoint is trusted; (3) be aware the script will make network requests to RSS feeds, api.github.com, hn.algolia.com and to the configured LLM endpoint; (4) if you do not control or recognize the embedded key, treat it as potentially compromised and do not expose sensitive data through the skill; (5) prefer running it in an isolated environment (non-privileged user, network-restricted) until you have sanitized the code. If you want, provide the full untruncated radar.py/_write_radar.py and I can point to the exact lines to change.

Capability Analysis

Type: OpenClaw Skill Name: competitor-radar Version: 1.0.0 The skill bundle is a legitimate tool for monitoring competitor activities via RSS feeds, GitHub releases, and HackerNews. The logic in `radar.py` and the helper script `_write_radar.py` is transparent and aligns with the stated purpose in `SKILL.md`. While the code contains a hardcoded API key and references a local LLM proxy (127.0.0.1:18790), these appear to be environment-specific configurations for the OpenClaw platform rather than malicious artifacts. No evidence of data exfiltration, unauthorized file access, or prompt injection was found.

Capability Assessment

⚠ Purpose & Capability

The stated purpose (monitor blogs, GitHub, HackerNews and produce reports) matches the code's fetching and reporting behavior, and requiring python3 is reasonable. However, the code embeds a hard-coded LLM API key and a local LLM endpoint (http://127.0.0.1:18790) directly in the scripts instead of using a declared/optional environment variable. Embedding a key in the code is disproportionate to the stated purpose and not documented in SKILL.md or requires.env.

⚠ Instruction Scope

SKILL.md only instructs running radar.py with an optional config and --no-ai, but the runtime code will call external services (GitHub API, hn.algolia, blogs) and a local LLM endpoint using a hard-coded API key. The instructions do not mention the LLM endpoint, the embedded API key, or optional env vars (e.g., GITHUB_TOKEN), so the runtime behavior is under-documented and gives the skill more network capability than the instructions disclose.

✓ Install Mechanism

No install spec; the skill is instruction-and-code-only and only requires python3 on PATH. This is low install risk because nothing is downloaded during install.

⚠ Credentials

The declared metadata lists no required environment variables, but the code optionally reads GITHUB_TOKEN and unambiguously contains a hard-coded LLM API key and endpoint in both radar.py and _write_radar.py. Requiring or shipping credentials in-code is not proportional: credentials should be optional and provided via environment variables or config, and any required tokens should be declared in the skill metadata.

✓ Persistence & Privilege

always is false and there are no install hooks or modifications to other skills or system-wide settings. The skill can be invoked by the agent autonomously (default), which is expected for skills; that alone is not a concern here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install competitor-radar
After installation, invoke the skill by name or use /competitor-radar
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

初始发布：自动监控竞品博客RSS、GitHub Release、HackerNews动态，AI评分筛选重要信息

Metadata

Slug competitor-radar

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Competitor Radar?

竞品动态监控雷达。自动抓取竞品博客RSS、GitHub Release、HackerNews讨论，用AI评分筛选重要动态，生成结构化报告。当需要了解竞品最新动向、监控行业变化时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 363 downloads so far.

How do I install Competitor Radar?

Run "/install competitor-radar" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Competitor Radar free?

Yes, Competitor Radar is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Competitor Radar support?

Competitor Radar is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Competitor Radar?

It is built and maintained by xiaohuaishu (@xiaohuaishu); the current version is v1.0.0.

More Skills